ASP.NET MVC controller handling file downloads

Question

I've built a controller in MVC 5 to handle file downloads protected by login. The controller works fine without the pdf extension, ie paths like /media/1001/secretpdffile will download a file at App_Data/media/1001/secretpdffile.pdf only if the user is logged in.

I would like to have the pdf extension on the paths but as soon as I add it (of course also dropping the pdf I'm adding in the controller) that I get a 404 error.

This is my route

routes.MapRoute(
    name: "Media",
    url: "media/{mediaid}/{filename}",
    defaults: new { controller = "Media", action = "Get" }
);

I've seen a lot of places that try to solve this with <httpRuntime relaxedUrlToFileSystemMapping="true" /> or with setting a path with System.Web.Handlers.TransferRequestHandler in web.config but I haven't had any luck with that.

Can you add the Media/Get action's code? – Matthew Jones Jan 16 '15 at 16:27 — Matthew Jones, Jan 16 '15 at 16:27

score 0 · Answer 1 · edited May 23 '17 at 12:20

This is a normal behavior from IIS, called request filtering. Basically it will not send the request to ASP.MVC if there is a dot because it will think that you want a file, so it will look for the file on the server and return a 404 error because it can't find it.

You can find some solution here : https://stackoverflow.com/a/12151501/1681023

Or you can edit your configuration on IIS with disabling the feature like the first link show.

Or you can escape your dot, by replacing with %2E, it might be the easiest way.

On a side note, be careful with disabling the request filtering feature, obviously if you disable it for https://stackoverflow.com/media/* you won't be able to reach any resources in a folder named media from a http request, So if you want some image, css or js on your website, don't disable it for all your app or server.

score 0 · Answer 2 · answered Jan 16 '15 at 17:14

I changed the route url to "media/{mediaid}/{filename}.{format}" and updated the controller to expect the format parameter.

I also had to add this to the web.config

  <add name="ManagedFileWithExtension" path="/media/*/*.*" verb="GET" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />

ASP.NET MVC controller handling file downloads

2 Answers2